Jouko Pynnonen reported[3] that the Imp webmail version 2.x has a SQLinjection vulnerability[2].

Imp can optionally store user preferences, contacts list and sessionIDs in a SQL database. A remote attacker can use this vulnerabilityto execute SQL commands and possibly get session IDs and stealanother user's webmail session. Other consequences are possible anddepend on the privileges Imp has in the database. Usually, theseprivileges are limited to the Imp database itself, but this is siteand database specific.

This update also contains some fixes for Imp and Horde to make themwork with PHP 4.3.2.

Solution:The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'